Dne 30.7.2015 v 17:28 Orion Poplawski napsal(a):
On 07/28/2015 11:09 PM, Jan Cholasta wrote:
Dne 20.7.2015 v 19:52 Orion Poplawski napsal(a):
On 07/20/2015 12:57 AM, Jan Cholasta wrote:
Dne 15.7.2015 v 20:57 Orion Poplawski napsal(a):
On 07/14/2015 11:53 PM, Jan Cholasta wrote:
# ipa-replica-prepare -v ipa1.nwra.com --dirsrv_pkcs12=nwra.com.p12
--dirsrv_pin=XXXXXX --http_pkcs12=nwra.com.p12 --http_pin=XXXXXX
Directory Manager (existing master) password:
(SEC_ERROR_LIBRARY_FAILURE) security library failure.
I was able to debug this in gdb and tracked it down to a low entropy
condition. Details noted in https://fedorahosted.org/freeipa/ticket/5117.
Looks like prng_instantiate is being called 2-3 times and there just isn't
enough entropy:
Breakpoint 1, prng_instantiate (rng=0x7fffe5f9d3a0 <theGlobalRng>,
bytes=bytes@entry=0x7fffffffc220 "\304(\336\350F8\375㨟\177\325\017+\302
\230\"e\215\bf\201Rw;\300\260\330\366\315\342\235\034]\374J\324&\263",
len=110) at drbg.c:160
160 if (len < PRNG_SEEDLEN) {
1: len = 110
(gdb) c
Continuing.
Breakpoint 1, prng_instantiate (rng=rng@entry=0x7fffe5f9f620 <testContext>,
bytes=bytes@entry=0x2153b70
"\216\234\r%u\"\004\371\305y\020\213#y7\024\237,\307\v9\370\356\357\225\f\227Y\374\n\205A\240;\025\002",
len=len@entry=32) at drbg.c:160
160 if (len < PRNG_SEEDLEN) {
1: len = 32
PRNG_SEEDLEN is 55 I think.
I wouldn't have thought that this might be the cause.
Thank you for the investigation!
--
Jan Cholasta
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
